upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Fix to wipe ssl ticket keys from memory with explicit_bzero,

Browse source 
if available.


git-svn-id: file:///svn/unbound/trunk@5153 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2019-04-08 14:42:08 +00:00
parent 32b1d900ff
commit bd3c02bd59
2 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
doc/Changelog
View file

@ -7,6 +7,8 @@
multicast DNS [RFC 6762] via Avahi. The plugin communicates
with Avahi via DBus. The comment section at the beginning of
the file contains detailed documentation.
- Fix to wipe ssl ticket keys from memory with explicit_bzero,
if available.
5 April 2019: Wouter
- Fix to reinit event structure for accepted TCP (and TLS) sockets.

7
util/net_help.c
View file

@ -1245,7 +1245,12 @@ listen_sslctx_delete_ticket_keys(void)
struct tls_session_ticket_key *key;
if(!ticket_keys) return;
for(key = ticket_keys; key->key_name != NULL; key++) {
memset(key->key_name, 0xdd, 80); /* wipe key data from memory*/
/* wipe key data from memory*/
#ifdef HAVE_EXPLICIT_BZERO
explicit_bzero(key->key_name, 80);
#else
memset(key->key_name, 0xdd, 80);
#endif
free(key->key_name);
}
free(ticket_keys);